Outcome

Good

Good

Exhibit 14.2 Relationship between Decision Making and Decision Outcomes

While there are myriad risks encountered by the professional services firm, most of them can be generally categorized into four key areas:

1. Internal risks: Risks of undesirable outcomes that emanate from activities taking place inside the firm, including financial risks, employee risks, hiring risks, and systems risks.

2. Delivery risks: Risks related to the delivery of services to clients, whether on-site or off.

3. Client risks: Risks associated with the specific client but not a particular project.

Exhibit 14.3 Professional Service Firm Risk Categories and Controllability

4. External risks: General risks such as natural disasters arising from being in business but not associated with a specific client, project, or internal operation.

These risks can be placed on a rough continuum of controllability, as depicted in Exhibit 14.3. Internal risks tend to be the easiest to manage because they are related to the firms own operations and staff. Moving from left to right, delivery, client, and, finally, external risks become less and less easily controlled.

In general, controllable risks can be addressed via the usual methods-to mitigate these problems, senior management can simply dictate process, policies, and terms geared to providing the appropriate amount of flexibility and risk reduction. As the risk areas move down the controllability continuum, the less effective process and policy become, and the more important insurance, contingency planning, and avoidance become. The best written processes and policies have little effect on an earthquake in progress.

The following section details some sample risks that we have identified in each category, followed by a model for assessing risk and probability and evaluating options for mitigating risks.

Sample Risks by Category

The large number of risks faced by a specific professional services firm is difficult to inventory. The risks may vary by firm type (law versus medicine versus business consulting versus other), specific type of work, firm geography, client geography, staff type, project size, and even the personalities of the senior management team. We identify some of the possible risks in each category that may be faced by a professional services provider. While this list is clearly not comprehensive, it can serve as a good starter set or the foundation of brainstorming activities for firms to generate their own inventory of specific r isks in each categor y.

Internal Risks

Fraud/embezzlement: Internal theft by employees through fraud, embezzlement, or other intentional deceit

Accounting error: Unintentional errors made by accounting staff that impact firm income statement, balance sheet, cash flows, general ledger, or other financial information

Billing accuracy: Generation of bills that accurately reflect the proper fixed fees, time and material, and expense charges to clients

Hiring: Hiring practices that ensure individuals of the highest ethics

Records: Retention of accurate client records, working papers, financial statements, and other firm operating documents for appropriate length of time

Corporate espionage: Loss of firm intellectual property, client information, or other proprietary information to competitors

Systems and data security: Access to computing information systems and data restricted to authorized firm professionals and staff

Systems backup and recovery: Reliable backups of data and rapid recovery from system crashes, errors, or inadvertently deleted information

Physical security: Physical access to firm and client project sites and security of working papers and firm property

Staff malfeasance: Theft of property, disparagement, or other deliberate misconduct by staff members that damages the firm

Intellectual capital: Loss or theft of critical intellectual capital that distinguishes the firm or gives it competitive advantage or advanced capabilities

Staff departures: Resignation of key internal staff due to retirement, dissatisfaction, outside recruiting, moves, or other reasons

Succession: Firm senior and junior leadership succession plans

Resource management: Pipeline of resources to be available for new business as well as proper management of resources during downtimes

Delivery Risks

Skills: Availability of the specific skills or knowledge on the team to successfully complete the project or service

Scope: Well-defined parameters for project or service activities; clearly delineated goals and milestones and an unambiguous understanding of what will be regarded as successful completion in advance of commencement of the project or service

Underbidding: Underestimate of level of effort, skill set required, or other resources required to complete the project

Execution: Do-ability of the project (Do resources or skills exist within the firm, or any firm, for successfully delivering the project or service-also known as the bridge-to-the-moon problem?)

Dependencies: Project or service tasks that depend on client initiatives, staff, timelines, dates, or other events not controlled by the firm

Third-party reliance: Reliance on outside individuals or entities for completion of critical tasks in delivery of the project or service (e.g., third-party contract labor)

Confidentiality: Inadvertent or purposeful release of critical client information not for public consumption causing embarrassment or damage to the client, particularly sensitive for public companies

Travel/geography: Risks associated with the specific point of delivery of the product or service, including difficulty of getting to client site;